Sunday, August 26, 2012

One conference down, one to go....

Back fromToorCamp, 2012. To get a sense of the event, check out the closing video
http://www.youtube.com/watch?v=Q7IeJ0HGK6o. Here are a few pictures of the camp I snapped on my phone, including the dome in the distance.

The camp site was right next to the beach, too. Neah Bay is the northwest-most point of the continental US, so the Pacific Ocean formed the back yard for the talk.

The main dome hosted the various talks. Here's a closer view, including the podium in the back:

I delivered my talk on firmware security on Thursday afternoon. A link to my foils for

“UEFI Secure Boot and challenges in platform firmware” can be found at https://docs.google.com/open?id=0BxgB4JDywk3MWnM0WmNXMHBTcm8. The other talks were a mix of information security and the maker movement leading up to my presentation, so I treated my discussion of firmware security alongside a a review of the UDK2010 open source implementation of UEFI Secure Boot and the user controls enabled via Custom Mode on IA32 machines. Insightful questions both during the talk and with the researchers afterward.

Other interesting talks included Dan Griffin's discussion on TPM's and UEFI, which largely focused on measured boot from the operating system perspective. This talk was a shortened version of his DEFCON talk https://docs.google.com/file/d/0B7n3jaMQDSNCeDJBd2tnRGIxbDA/edit#. Dan Kaminsky also spoke about all things security, including weaknesses of random number generators http://dankaminsky.com/2012/08/15/dakarand/. Other interesting perspectives from DanK included how type safe language are not the security panacea since different machine on the network are written in different languages, so all communications must convert data to strings. And it is in these strings that attacks, injections, and vulnerabilities occur. Hearing both Seattle Dan's speak alone was worth the trip.

Overall, I enjoyed having the opportunity to participate in this type of conference. The spirit of creation, invention and curiosity was infectious and shared by all. And the accommodations were quite interesting, too.

Next stop is the Intel Developer Forum in San Francisco on September 10. I suspect that my hotel will be a little further detached from Mother Nature, though.